<?php
include 'common.php';

$name = $_POST['name'];
$pwd = $_POST['pwd'];
$yzm = strtoupper($_POST['yzm']);
$vcode = strtoupper($_SESSION['vcode']);

$a = $_POST['a'];

//判断条件
if($yzm != $vcode) exit(jump('验证码不正确',3,"login.php"));
if(strlen($name) <= 0 ) exit(jump('用户名不能为空',3,"login.php"));
if(strlen($pwd) <= 0 ) exit(jump('密码不能为空',3,"login.php?name=$name"));

//密码加密
$pwd = md5($pwd);

//查询数据库
$sql = "select id,name,class from ".PRE."user where name='$name' and password='$pwd' and disable='0'";

$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if($result && mysql_affected_rows($link) > 0){
	$_SESSION['home'] = $row;
    //更新最后登录时间
    $time = time();
    $sql = "update ".PRE."user set login_time='{$time}' where name='{$name}'";
    mysql_query($sql);
	//echo '登陆成功，<a href="'. APP .'/index.php">去首页</a>';
	if($a == 'cart'){
		header('location:order_inf.php');
		exit;
	}
	//这里的session信息是在head文件里面生成的
	echo jump('登陆成功',3,$_SESSION['source']);
}else{
	//echo '登陆失败，<a href="'.APP.'/login.php?name='. $name .'">请返回</a>';
	echo jump('登陆失败',3,"login.php?name=$name");
}
